Projects / FIAIF is an Intelligent Firewall

FIAIF is an Intelligent Firewall

FIAIF is an Intelligent Firewall. It provides a highly customizable script for setting up an iptables-based firewall. Configuration is done through one configuration file for each network to which the firewall is connected. FIAIF supports masquerading, port forwarding, traffic shaping, and more.

Operating Systems

Recent releases

  •  23 Jan 2007 22:33

    Release Notes: This release adds HSFC-based traffic shaping, which is optimized for VoIP setups. A problem where DHCP requests were getting dropped by the firewall has been fixed, as well as ACCEPT_LOG, which was not accepting packets correctly.

    •  04 Dec 2005 23:49

      Release Notes: Significantly improved traffic shaping.

      •  23 Feb 2004 01:18

        Release Notes: It is now possible to have zones covering multiple interfaces (such as ppp+) when the exact interface number is not known. There are numerous updates to TCP flag checking, and rule cleaning is updated, resulting in lesser rules being generated by FIAIF.

        •  03 Jan 2004 15:18

          Release Notes: This release adds an awk script fix for Fedora and changes to scan detection to not log ACK,FIN packages.

          •  28 Sep 2003 21:47

            Release Notes: Scan attacks are now logged to the system log, and improvements has been made to the rule optimizer. A bug in REDIRECT rules has been fixed, and the ICMP traceroute workaround is now only activated if the Linux kernel >= 2.4.21. IP aliases can now be used in all zone rules, and MAC addresses can now be entered in uppercase.

            Recent comments

            14 Jan 2004 07:18 ippo

            Everything worked fine and smooth

            I've searched for a good firewall configuration script or similar for a while. This tool is the only one I've found that has everything I want:

            - Simple to understand, lots of configuration but not too much

            - Handles the most tipical situation (or at least the situation I have seen more in my experience): External zone (for clients), Internal Zone, Another external zone for servers, DMZ zone.

            - Last but not least: it works! And the traffic inside and outside is working too!

            Often, with other tools, after running the firewall I simply could not get any traffinc neither inside-out nor outside-in, not even auhorized traffic!

            Many thanks and congratulations to the author!



            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.